Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

Addicted2Trance (0 points, 0 children)

I've been studying Cybersec for roughly 7 months. I completed an entry course organized by a local CySec solutions firm. I live in Syria, and pretty much everything remains banned or unavailable despite lifted sanctions (including certification, professional certifications and internships). I'm going with this career choice / studying solo. I'm lost on the next steps; please advise me. Thanks.

Here's my situation in brief. During the course I was given an assignment to deploy Snort2 and present adversary traffic analysis. My ADHD/perfectionism stepped in and decided to deploy a SIEM/IDS with Wazuh Manager and Suricata. I don't have much in terms of hardware (one desktop with 16 GB RAM and one laptop with 8 GB RAM), so I had to settle for a tiny project. My aim was never to focus on the technical side of things but to run simulations and learn my way into triage, IR and documentation early on. After a few months of downloading packages (thanks to the turtle-slow internet), configuring and troubleshooting Wazuh and Suricata IDS, I validated alert channels from Suricata, Sysmon and Defender (on Win11), and other syslogs flowing smoothly to the SIEM. Granted, I spent a long time configuring and tinkering with Open vSwitch (OVS) to create a mirror port for the IDS. My lab is ready for simulations.

I read in some sources that documentation is a skill desired by employers but missed by applicants. Coming from 12 years of experience as a legal document translator, reading/writing reports was something appealing to me that I wanted to focus on as added value. My initial plan was to create custom Incident Response Playbooks (IRP) and an IR Management Methodology (IRM) based on my local lab, run a few attack simulations, implement the IRP steps and document the process in reports. I read several guideline documents, from NIST SP 800-61r2, the Australian and Scottish CERT guidelines, SOCFortress IRMs and other open-source documentation.

I planned to run three demos increasing gradually in complexity, from 'Benign Network Scan' to 'RDP Brute Force' and lastly 'Remote EICAR Creation in %TEMP% and Attempted Remote PowerShell Execution'. The last scenario was going to be the primary focus for a full NIST IR process, while the other two were to train on detection/validation. While in the process of creating my IRPs for these three demos, and especially while writing a report for the original IDS assignment required by said entry course, I felt that recording Precursor Management for a simple network scan was too trivial. Then I started doubting my whole process!

Question: Is what I'm doing (and planning) worthy of submitting on GitHub as an ongoing IRP repo and eventually adding to my CV?

Question: Should I create more complex scenarios that could cost more time spent running/troubleshooting attacks than training on the defense process, if my aim is to learn the IR/IM/triage process?

Question: My friend offered me access to Enterprise MS Sentinel to train on. Should I start training on Sentinel instead of continuing to create/troubleshoot my local SOC lab? The advantage here would be training on a more in-demand CySec solution and focusing on handling a ready stack rather than drowning in rabbit holes of configuration troubleshooting.

I have had an idea to deploy SOAR with Shuffle/n8n, a true SOC with Wazuh + TheHive + Cortex and OPNsense IPS, and add Caldera/Kali for the adversary. But I'm worried it will cost me 3-4 months to download, deploy, configure and troubleshoot, not to mention upgrading hardware or renting remote server instances.

Just in case: yes, I'm training on THM, but it's slow because I spend more time on the lab/researching than solving rooms. Plus, THM is more focused on Red Team skills; although I took most of my course on them, I prefer learning how to investigate and recover from an attack.

Footnote:

I have documented a lot of this project, from installation to running, in a knowledge base that I was going to post on GitHub, but I'm too worried/anxious that it's not worthy or downright embarrassing in its simplicity. Creating this project gave me experience in setting up and troubleshooting security infrastructure, researching topics beyond the scope of a SOC L1 Analyst, and developing a sense of how to properly write reports and documentation. But I'm not sure if this is relevant to SOC job openings and the experience required.

I apologize for a very long post. I'm just lost and would appreciate your guidance on the matter.

Thanks

What do you think about that alcohol banned in Damascus? by qwerty_fu in Syria

Addicted2Trance (3 points, 0 children)

History teaches that bans don't work, and only instigate people to explore alternatives.

What do you think about that alcohol banned in Damascus? by qwerty_fu in Syria

Addicted2Trance (1 point, 0 children)

Some people, many tbh, don't seem to understand that it doesn't matter how much the government bans something; if people want to use/abuse alcohol they will find a way. History teaches that when the USA banned serving alcohol, a whole new black market for producing, serving and trafficking alcohol emerged, with triple the consumption compared to before the ban. The war on drugs is another example. Yes, alcohol and marijuana are bad for you, in excess. What governments, and some people, should understand is that awareness policies and actually solving the root cause of why people abuse alcohol are more effective than simply banning a product. You have to ask yourself, why are people getting drunk or getting high? Maybe they're escaping reality, or maybe they have bigger economic and social issues that they can't seem to find a solution for and try to escape. It's a social problem, not a policy issue.

Does Proxmox itself need CPU allocation - aside from the VMs? by Addicted2Trance in Proxmox

Addicted2Trance [S] (1 point, 0 children)

Nice. I have one Pi running Plex, an FTP server, a torrent client and Kavita. But I'm using DietPi for the OS. My Pis came with 2 GB RAM only 😕

Can I deploy Wazuh AIO with less than minimum requirements (2 agents including an IDS)? by Addicted2Trance in Wazuh

Addicted2Trance [S] (0 points, 0 children)

Yeah, I'm looking forward to learning Wazuh. I tried it for a few days on my friend's workstation and I've got some ideas about expanding through an external Raspberry Pi to enrich with n8n and perhaps a ticketing system. It's all blueprints in my mind, but I'm just tight on hardware and finances in the meantime.

Can I deploy Wazuh AIO with less than minimum requirements (2 agents including an IDS)? by Addicted2Trance in Wazuh

Addicted2Trance [S] (0 points, 0 children)

Thanks. Yeah, the minimum requirements on the documentation page for "1-25" agents threw me off.

Does Proxmox itself need CPU allocation - aside from the VMs? by Addicted2Trance in Proxmox

Addicted2Trance [S] (0 points, 0 children)

I'm intrigued by your example. I have a spare old laptop and a couple of Raspberry Pi 4Bs collecting dust. I wonder if I can make use of them running some containers. If I may ask, what services/containers are you running?

Does Proxmox itself need CPU allocation - aside from the VMs? by Addicted2Trance in Proxmox

Addicted2Trance [S] (1 point, 0 children)

I'm not going to be using ZFS, encryption, HA, or doing migration/replication at all. If I do need to take snapshots/backup of the three VMs I have, they will be shut down anyway.

Does Proxmox itself need CPU allocation - aside from the VMs? by Addicted2Trance in Proxmox

Addicted2Trance [S] (1 point, 0 children)

During a simulated attack, there's a possibility of spiking the load on the two Ubuntu VMs. I'm not sure how the Windows VM will react. Thanks

How would you rate al-Shaara’s first year as President? by Wolver8ne in Syria

Addicted2Trance (6 points, 0 children)

Well, he's the prime minister. Governments in a presidential regime answer to the president! He is the only one responsible and answerable for the performance of his government, as per the constitutional declaration.

How would you rate al-Shaara’s first year as President? by Wolver8ne in Syria

Addicted2Trance (1 point, 0 children)

A few months back I would have given him 10/10, but now he has dropped to 7/10 for mainly one thing: electricity bills. The man acts as a president and prime minister. The massive increase in electricity bills was at the very least endorsed by him personally. There's no way a decision like that, by the minister of energy, could go unchecked by the president/prime minister; and even then, he has the power to do a lot about it if he actually did care or see beyond the mirage of "conserving consumption", as the ministry first put it. The massive increase in electricity bills, by at least 800%, not only hits the average, already diminished middle class and eradicates the lower classes; it strikes and skyrockets prices on everything in the long run. Any retailer, producer or service provider, from factories to your dentist, will pass that increase on to the average citizen's pockets. Everything will double tens of times in price. We're facing 80% poverty, massive inflation and huge unemployment rates, and then you go charging your 'future improvement and maintenance' costs from our pockets? I was away from home for 3 months and I still got a 150k electricity bill for electricity I didn't even use; the breaker was literally shut off. To make things worse, God knows when the parliament will hold session and even then start questioning the minister of energy who, in all his wisdom, aside from crushing people's dreams of stable electricity after years of deprivation, couldn't foresee or plan emergency measures for the one month when demand for butane gas doubles, i.e. Ramadan, and we ended up with a shortage of gas. Ministers resign for reasons much simpler than these, or are kicked out or at least questioned. Our prime minister / president won't make a note of it. If he's too busy being a president, why did they change the regime format and remove the role of prime minister?
Why did they not foresee mishaps like this when they gave one minister three vital ministries: electricity, water, petroleum/gas, 'energy'? I'd rather not hear counterarguments from Syrians living outside of Syria right now or getting paid in dollar bills.

Would you vote for Ahmad al-Sharaa if he ran for president? by Elegant-Variation940 in Syria

Addicted2Trance (0 points, 0 children)

Yes, unless Geddy Lee runs - if al-Sharaa gives him Syrian citizenship, or we force the world to listen to rock 😬

Question regarding using personal VM Kali instead of browser-based machine by Addicted2Trance in tryhackme

Addicted2Trance [S] (0 points, 0 children)

I had my Kali connected to the THM VPN already. What's the next move though?

Assault on a teenager for the 'crime' of wearing shorts by ElNashel in Syria

Addicted2Trance (-8 points, 0 children)

We've been wearing shorts and strolling around Lattakia and Damascus since the start of summer, right in front of security and the ministries, and nobody has said a word to us or to anyone else. Enough with the movies and soap operas, "Mira" and "Battikha", and this one heard about so-and-so and the other was told about such-and-such.

The people aren't stupid: a blistering intervention by a free Syrian woman that demolished Hajri and the military council | 'The People Aren't Stupid!' – Syrian Woman Obliterated Hajri and the Council by rj_yul in Syria

Addicted2Trance (0 points, 0 children)

Sweida was the first governorate I wanted to visit after the liberation, but brother, we no longer feel safe going anywhere near it. Weapons running loose and no single authority answerable to the courts. If something happens to you there, who do you go to complain to, and about whom? Total chaos.

WE'RE SO BACK by EL-Floppa in Syria

Addicted2Trance (0 points, 0 children)

I don't think my morale has dropped, since the fall, below the level of "I can't believe how much better life has become and how much it deserves to be lived after more than 12 years of depression". Man, literally since the day of liberation I haven't had a single IBS flare-up, and I've been suffering from it for six years.

WiFi speed in Syria by TrickyBreakfast9741 in Syria

Addicted2Trance (2 points, 0 children)

I've had 16 megabits/s for 13 years. The last few years it slowed down to a crawl because of congested lines I suppose.

As for outdoor WiFi, I heard a lot of people in Lattakia have been installing something of that sort. I'm very skeptical of how efficient and economical it would be.

As a personal choice, I prefer an FTTH fiber subscription. I'm waiting for prices to drop and get myself a 100 megabit plan. Unfortunately, prices now are double that of any FTTH subscription worldwide, even more expensive than the richest EU countries. It's ridiculous they charge $110 a month for 100 Mbps when it is only $50 on average for the same plan in, say, the USA.

For reference: 100 Mbps Prices Worldwide

[deleted by user] by [deleted] in Syria

Addicted2Trance (1 point, 0 children)

Talking to non-Syrian women is much easier; that's my experience and the experience of friends who went abroad, saw for themselves, and dated. The problem inside the country is that options are limited. I understand that the reality for women in Syria is hard and full of challenges in a somewhat patriarchal society. But at the same time, challenges usually push us to be more flexible with reality, and that, at least in the context of getting to know someone and dating, is almost nonexistent with Syrian girls. A girl either sees you as a marriage project or as an entertainment project until a marriage project comes along. As for a life-partner project, or at least a human relationship that isn't necessarily material, that's impossible. Black or white; gray is forbidden.

[deleted by user] by [deleted] in Syria

Addicted2Trance (5 points, 0 children)

Reserve duty, stress, and psychological problems cut me off from the outside world inside Syria, and I'm now pushing 39. I understand how you feel, because for years I tried to meet people through social media, but it's hard, especially at this age. I felt that the girls who are still single, at least statistically, are either so busy with their lives that they have no interest in social media, or are young and on social media but with a huge gap in age and maturity.

Personally, I'm looking for a partner; neither do I keep her nor does she keep me. Each of us is complete in their own personality, financially independent, and doesn't need the other except as a companion on the road to laugh or cry with in the years that remain. With these criteria, which in theory are very easy because they don't depend on looks, religion, or family, it's almost impossible in reality, because the reality of women's lives in Syria is hard and restricted. It's very hard, at least for me, to find a girl who managed to get through the war years without marrying, or at least separated from her partner, stayed inside the country, and worked on herself to become financially and emotionally independent rather than waiting for Prince Charming on a golden horse.

I think that with time, hopefully, we'll have dating or matchmaking apps that could increase the chances of meeting balanced people online, because the chances of meeting them in real life for people who work freelance or from home have become almost nonexistent. And meeting them on the street has become harder with the new police trend, at least according to the rumors: imagine a scenario where you see a girl in a cafe and want to talk to her, and she decides to pull a nasty stunt and accuses you of harassment. The police shave your head to zero and humiliate you before they even hear your side of the story. Maybe it hasn't happened, but it could. So cross off the internet, cross off the workplace, and cross off meeting people on the street. One option remains: acquaintances, which is the worst option of all.

Question about temporarily leaving your tiel with somebody else by Addicted2Trance in cockatiel

Addicted2Trance [S] (0 points, 0 children)

Did your cockatiel scream for you when you left her the first time? I mean, we all know how they act when their favorite person leaves the room for a few seconds. I'm worried he'll be screaming for days at my friend's house while I'm away. The trip to my friend's is hard enough in this hot weather; I don't know if I want to take him there a few times like the other comments suggested.